Records all password changes Requires dedicated servers Can be distributed across the world Provide Resources (printers /share folder) Services like email uses AD Stores group policy Everything in AD is an object
Domains
Logical group that shares the same AD database
Shares the same name space
Domian Controller Runs AD Domain Services Holds a copy of an AD database Replicate changes with other DC
Windows 2008 new AD features
AD certificate services - issue certificates
AD Application Mode - allows application to access database of AD
AD Federation Service - Allows to communicate two different domains
AD Right Management - Protect documenets such as not to print ,read etc RODC - domain controller with read only access . this is put in places where any security issue. This can be easily removed from domain also AD is now restartable Granular password policy AD snapshots - snapshots for the database